Learning to use AES encryption

I’ve started working on a simple credentials manager app that runs on the console and I wanted the credentials that are kept on file to be encrypted for obvious reasons. The app is written in C++ and I needed to find and work with an appropriate encryption library.

I’ve tried using two libraries: OpenSSL and Tiny-AES-C. OpenSSL is meant to be a hardened production ready library and it’s trusted by many. Using the libCrypto API that comes with OpenSSL proved to be a challenge to get working with though. I guess with such a powerful library you need to understand all setup and config it provides and I didn’t have the time and energy to dig too deep on that.

Giving up on OpenSSL, I tried my luck with Tiny-AES-C as it’s a far simpler C library that implements just the AES encryption algorithm. AES seems to be the “most” secure algorithm at this time (2020) so seems like a good option to go with. You can find the Tiny-AES-C project on GitHub: https://github.com/kokke/tiny-AES-c. You’d need to compile the library to use it in your project. Reading the Makefile in the project indicates various build options one of which is to build the lib target:

Tiny-AES-C Makefile: target for building the static library

Using Tiny-AES-C took an attempt or two but I’ve managed to create a sample app that handles the following:

  • Padding plain text to block length of 16
  • Encrypting plain text
  • Decrypting plain text
  • Identifying and removing padding from decrypted text

My example Tiny-AES-C usage project can be found here https://github.com/AdhirRamjiawan/Tiny-AES-C-Example

Some considerations to have after getting my example app working:

  • You need to ensure that the buffer size used for encryption/decryption is a multiple of 16 else you’ll get strange buffer overrun issues.
  • With AES CBC algorithm you need to employ some padding mechanism. Padding should be done to ensure block size of 16, so the total length of the text to be encrypted should be a multiple of 16.
  • The Key and IV (Initial Vector) parameters should NOT be kept in your code. I’ve kept it in the example app as a frame of reference going forward. Ideally you should consider using an environment variable or maybe another file containing this info.
  • Ideally the Key should be derived from a passphrase or similar (need to expand on this)
  • Ideally the IV should be generated using a psuedorandom number generator. (need to expand on this)

Git shallow cloning stuff

so after you use shallow cloning in git using –depth 1, if you call git pull you will find that git will pull all changes not just –depth 1.

to honour the –depth 1 from cloning we call call git pull with the same depth:

git pull –depth 1 origin master

life saving stuff

Quick cloning of kernel mainline

git clone –depth 1 https://github.com/torvalds/linux.git linux_mainline

using github as it’s a mirror of mainline and depending where you’re accessing the internet from, much faster.

the –depth 1 will limit the history to 1 commit back I believe. If you’d need to view more than that then you can probably use

git log — [filename]

https://stackoverflow.com/questions/278192/view-the-change-history-of-a-file-using-git-versioning

Quake 2 tools

Over the past few weeks (perhaps few months) I’ve been trying to create a few Quake 2 tools that can run on the browser from scratch. I’ve started working with a Pak extractor tool that should allow you to load a pak archive, page/search through all items, add/remove items from the archive and also allow you to preview each of the content types in the pak. After some trial and error I’ve managed to extract the Wav audio lumps and play it through the HTML 5 audio api. Now to get a bit more adventurous I’ve started looking into the Wal and Pcx lumps used for textures in Quake 2. Wal is a proprietary format created by Id software for the game and Pcx was a widely used format back when VGA graphics was popular. My attempt to extract Pcx image data and display it on the HTML canvas has been challenging. There is a lot of info online relating to Pcx file format, and in some cases how to attempt to read the data. In future posts I’ll try to document the methods I’ve used to load each of the lump formats.